| VID |
18082 |
| Severity |
40 |
| Port |
25 |
| Protocol |
TCP |
| Class |
SMTP |
| Detailed Description |
The relevant host is running a version of YoungZSoft CMail Server prior to 5.2.1. CMailServer is an SMTP server for Microsoft Windows platforms. CMailServer versions 5.2 and earlier have multiple remote vulnerabilities like buffer overflow, SQL injection, HTML injection. A remote attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system.
* Note: This check solely relied on the banner of the remote SMTP server to assess this vulnerability, so this might be a false positive.
* References:
http://www.security.org.sg/vuln/cmailserver52.html
http://securitytracker.com/alerts/2004/Nov/1012324.html
* Platforms Affected:
Youngzsoft, CMailServer versions 5.2 and earlier
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of CMailServer (5.2.1 or later), available from the Youngzsoft Web site at at http://www.youngzsoft.net/index.html |
| Related URL |
CVE-2004-1128,CVE-2004-1129,CVE-2004-1130 (CVE) |
| Related URL |
11742 (SecurityFocus) |
| Related URL |
18276,18280,18281 (ISS) |
|
